We don’t like the sound of this…
As technology improves, so does the sophistication of cyberattacks, making it harder and harder to secure our devices from hackers. And now there’s a new tool available to hackers to bolster their arsenal. It’s simple and pretty cheap to implement – sound.
Researchers at the University of Michigan and University of South Carolina on Tuesday detailing how sound waves can be used to control accelerometers – the sensors in wearables and phones which determine when you’re moving and at what speed – which are used in millions of gadgets including phones, fitness trackers, cars, medical equipment and connected (IoT) devices.
A US$5 speaker was used to blast sound waves from “malicious” music files at 20 different accelerometers from five manufacturers, spooking the sensors and causing the devices to malfunction.
“It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words,” Kevin Fu, one of the authors of the paper and associate professor at the University of Michigan, . “You can think of it as a musical virus.”
Unfortunately, the paper offered no comment on the harmful effects of listening to Nickelback.
The researchers used the resonating frequency from the audio files to perform some simple hacks, like causing one accelerometer to spell out the word ‘Walnut’ in a graph and a Fitbit to record ghost steps.They were able to affect 75 percent of the sensors and actually control 65 percent of them.
However, this simple tool could (possibly) do far more damage than registering a few extra steps that nobody took.
A Samsung Galaxy S5 running an app that controls a car’s steering via phone tilts was subjected to an acoustic attack, allowing the car to be piloted without moving the phone.
But it’s important to remember that this research is just a proof of concept that’s been used to highlight the security risks that popular consumer products are prone to. It doesn’t necessarily mean we’ll soon find hackers using opera to attack our gadgets.